A Growing Challenge: Ensuring cybersecurity of the power grid

The emergence of smart grid technology, which provides two-way communication and automates grid operations, has increased the risk of cybersecurity breaches in power distribution. Since the power distribution network involves direct interaction with consumers, it is a storehouse of useful data pertaining to consumers’ metering and billing information and energy consumption. Any attack on the distribution network could give access to the system and to critical data from a remote area, thus posing a threat to the security of the national grid. As the operations of the distribution segment are increasingly being centralised, a cyberattack could lead to a power supply failure and jeopardise the operations of the entire grid.

Cyberattacks in the power distribution segment

There are a number of avenues for cyberattacks on the distribution network. One of these is the hardware layer, which comprises components such as programmable logic controllers and remote terminal units that run the software required for communication and control. Another avenue is the firmware layer, which sits between the hardware and the software and contains the data and instructions that control the hardware. The software layer comprises the power control systems that include a variety of software platforms and applications. The vulnerabilities in this layer range from simple coding errors to poor implementation of access control mechanisms. Further, as all the layers and components of the grid interact with each other for power system operations, a threat to any part of the grid can affect the operations of the whole system.

Cybersecurity in the power distribution network has assumed paramount importance in recent years, especially with the introduction of smart grids. A smart grid comprises power delivery infrastructure integrated with communication and information technologies, which enables monitoring, prediction and management of energy consumption. Since a smart grid comprises many interconnections, integration points and intelligent elements that communicate with each other, it is more vulnerable to cyberattacks. The digital network and systems are highly prone to malicious attacks from hackers, which can lead to the misuse of consumers’ data. Through a cybersecurity breach, an attacker can break into the system, compromise user privacy, acquire unauthorised access to control the software, and modify load conditions to destabilise the grid. Further, hackers can alter energy costs or change meter readings remotely. They can also feed false information into the system that could mislead the power utility into taking incorrect decisions.

Strategies for mitigating cyberthreats

In order to minimise the chances and impact of a cyberattack on the distribution network, utilities are adopting a number of safety measures and risk mitigation strategies. One of the most common measures to mitigate cyberthreats is application whitelisting, through which the malware uploaded by adversaries is detected. Apart from this, configuration and patch management also lower the risk of cyberattacks, as unpatched systems are more prone to attacks. Reducing the attack surface area is also effective in managing the network. Network segmentation, isolation of the internet connection sharing network from an untrusted network and turning off unused ports/services are effective strategies to lower the risks of cyberattacks.

Another key focus area for lowering cyberthreats is managing authentication. The implementation of multi-factor authentication, separate authentication for separate zones and providing privileged access are essential. In order to minimise the impact of cyberattacks, it is essential to undertake active monitoring, quick detection and fast response, and execution of defence. Apart from this, physical security of the system and network is essential. Vulnerable areas like control centres should be notified as restricted, only allowing authorised people to enter. The control room and computer room doors should be equipped with access security systems for protection against intrusion and surveillance should be undertaken for integrity checks.

Further, in order to prevent cyberattacks, it is essential to undertake vulnerability assessment to categorise the devices in terms of high risk and general vulnerabilities. The vulnerability assessment needs to include attacks from insiders, attacks on computers that control and monitor devices, attacks on the supervisory control and data acquisition (SCADA) network, and programming of malware into the control system devices. In addition, asset mapping of all critical infrastructure equipment and periodic monitoring of the equipment for cybersecurity compliance is essential. Besides, preparing a framework for the testing of equipment and auditing is crucial.
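The asset mapping, periodic compliance monitoring and risk categorisation described above can be expressed as a small audit script. This is an added example, not taken from the article or from any utility: the inventory, zone names, port allowlist and 90-day patch threshold are all constructed assumptions.

```python
# Added example: the inventory and policy values below are constructed.
from dataclasses import dataclass

# Hypothetical per-zone allowlist of listening ports; any other open port is
# treated as an unused or unapproved service that should be turned off.
ALLOWED_PORTS = {"control": {20000}, "dmz": {443}, "corporate": {443}}
MAX_PATCH_AGE_DAYS = 90  # assumed patch-management threshold
CONTROL_KINDS = {"rtu", "plc", "scada-server"}  # devices that operate the grid

@dataclass
class Asset:
    name: str
    kind: str
    zone: str
    open_ports: set
    days_since_patch: int
    mfa_enforced: bool

def findings(a):
    """Return the compliance gaps found for one asset."""
    out = []
    # A zone missing from the policy allows nothing, so an unmapped asset
    # is flagged instead of silently passing.
    extra = a.open_ports - ALLOWED_PORTS.get(a.zone, set())
    if extra:
        out.append(f"unapproved ports {sorted(extra)}")
    if a.days_since_patch > MAX_PATCH_AGE_DAYS:
        out.append(f"unpatched for {a.days_since_patch} days")
    if not a.mfa_enforced:
        out.append("no multi-factor authentication")
    return out

def categorise(a):
    """High risk = any gap on a control device; general = gap elsewhere."""
    if not findings(a):
        return "compliant"
    return "high risk" if a.kind in CONTROL_KINDS else "general"

INVENTORY = [  # constructed sample assets
    Asset("rtu-feeder-07", "rtu", "control", {20000, 23}, 400, False),
    Asset("scada-fep-01", "scada-server", "control", {20000}, 30, True),
    Asset("billing-web", "web-server", "dmz", {443, 8080}, 12, True),
    Asset("meter-head-end", "head-end", "unmapped", {443}, 10, True),
]

def report(inventory):
    return {a.name: (categorise(a), findings(a)) for a in inventory}

if __name__ == "__main__":
    for name, (category, gaps) in report(INVENTORY).items():
        print(f"{name:15} {category:10} {'; '.join(gaps) or '-'}")
```

Run against a real asset register on a schedule, the same checks give the periodic compliance view the paragraph calls for, with control devices surfaced first.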

Apart from this, it is important to ensure that network equipment does not pose a threat to cybersecurity. One of the key requirements for this is that bidding documents for the procurement of equipment are framed to encourage only those firms to participate in the bidding that are manufacturing equipment in India.

Besides, equipment suppliers should provide a certification stating that the equipment is safe to connect. The equipment must be tested for 100 per cent reliability against any vulnerability from malware and cyberattacks. Recently, the domestic electrical industry raised concerns about the contracts awarded to Chinese firms for the installation of SCADA for power distribution. The manufacturers stated that this would provide control to foreign companies over the sector.

CERT-In

The Information Technology Act, 2000 and the Amendment Act, 2008 appointed the Indian Computer Emergency Response Team (CERT-In) as the national nodal agency for cybersecurity in the country. In order to ensure cybersecurity in power systems, four sectoral CERTs, namely, CERT (Transmission), CERT (Thermal), CERT (Hydro) and CERT (Distribution) have been formed. CERT-In is responsible for the collection, analysis and dissemination of information on cyberattack incidents, forecasts and alerts on cybersecurity breaches, emergency measures for handling such incidents, and coordination of response activities. It is also responsible for issuing guidelines, advisories, vulnerability notes and white papers related to information security practices, procedures, prevention, response, and reporting of cyberattack incidents. In order to maintain cybersecurity, the central government has directed all utilities to identify a nodal senior executive as their chief information security officer to lead the process of strengthening organisational systems with regard to cybersecurity and implement an information security management system.

Conclusion

One of the key challenges facing cybersecurity implementation is managing the evolving nature of cyberattacks. In order to cope with this, it is essential to undertake research on a continuous basis for developing innovative strategies and compliance procedures to maintain cybersecurity. Besides this, it is essential to develop a foolproof cybersecurity policy and formulate a legal framework that incorporates mandatory provisions for compliance from procurement to installation to operations. Further, the security policy must lay down a technical framework to ensure cybersecurity. Apart from policy and regulatory measures, there is a need for skill development and capacity building for operating a secure grid and maintaining high standards of cybersecurity.

In sum, ensuring cybersecurity in the power distribution network is of utmost importance for the safety of the power grid. Although a number of steps are being taken to reduce the risks of cyberthreats, it is imperative to develop innovative measures to protect the grid from the evolving nature of cyberattacks.